[0001] The present invention relates to a multifunctional portable electronic device such
as an IC card, which incorporates, e.g., a CPU, a data memory, a built-in battery,
and the like, and is solely used to provide an electronic calculator function, a time
display function, and the like, and is inserted in a terminal in use.
[0002] Conventionally, multifunctional IC cards have been developed. An IC card of this
type incorporates a CPU (control element), a data memory, and the like, has a keyboard,
a display unit, and the like, and is solely used to provide an electronic calculator
function, a time display function, or the like, or is inserted in a terminal in use.
The CPU, the data memory, and the like are incorporated as an LSI.
[0003] In an IC card of this type, a program is examined according to specifications presented
by a customer, and thereafter, programming, debugging, tests, and the like are performed.
Then, the manufacture of a new LSI is started from design of a mask. In this case,
basic functions are stored in a program memory comprising a mask ROM.
[0004] For this reason, every time specifications are changed or a new function is added,
an LSI must be manufactured, resulting in high cost of the LSI, i.e., an IC card.
In addition, a development period (mainly for a program) is undesirably prolonged.
[0005] It is an object of the present invention to provide a portable electronic device
which can prevent an increase in cost, and can shorten a development period.
[0006] A portable electronic device of the present invention has a control element and a
memory means. The memory means has a nonrewritable first memory area for storing a
basic function, and a rewritable second memory area for storing a user application
program. When the second memory area is to be accessed by the application program,
it is checked if an access command includes an access approval key. Whether or not
access is approved or disapproved is determined based on the checking result.
[0007] This invention can be more fully understood from the following detailed description
when taken in conjunction with the accompanying drawings, in which:
Figs. 1 to 6 are views for explaining an embodiment of the present invention, in which:
Fig. 1 is a schematic block diagram showing an arrangement of an electrical circuit
of an IC card;
Fig. 2 is a plan view showing an arrangement of the IC card;
Fig. 3 is a perspective view showing a terminal for the IC card;
Fig. 4 shows a memory map of a data memory;
Fig. 5 is a circuit diagram showing an arrangement of a memory controller; and
Fig. 6 shows a data format including an approval code.
[0008] An embodiment of the present invention will be described below with reference to
the accompanying drawings.
[0009] In Fig. 2, reference numeral 10 denotes an IC card as a portable electronic device,
which is a multifunctional IC card having various functions. For example, IC card
10 has an on-line function used with a terminal (not shown), an off-line function
in which IC card 10 is solely operated, and a standby state wherein only a timepiece
function is enabled.
[0010] The off-line function includes an electronic calculator mode in which the card can
be used as an electronic calculator, a clock mode for displaying a time of a timepiece
for a user, an electronic note (memorandum) mode in which addresses, names, telephone
numbers, and the like are registered or read out, and a purchase mode in which IC
card 10 is utilized as a plurality of kinds of credit cards. Thus, IC card 10 can
be solely used in these modes.
[0011] In the purchase mode, IC card 10 stores a balance, a valid date, purchase records,
and the like. Upon every purchase, a purchase amount is subtracted from the balance
stored in IC card 10, and purchase information is recorded. When the balance in IC
card 10 becomes zero or the valid date expires, a secret code is issued from a contract
bank, thus updating the contents of the IC card.
[0012] Contacts portion 11 arranged at a position designated by the standards of a card,
keyboard 12 including 20 keys, and display unit 13 arranged on a surface portion above
keyboard 12 and formed of a liquid crystal element are arranged on the surface of
IC card 10.
[0013] Contacts portion 11 includes a plurality of terminals 11a to 11f, i.e., an operation
power supply voltage (Vcc, +5 V) terminal, an EEPROM write power supply voltage terminal
(Vpp, +12 V to +24 V), a ground terminal, a clock signal terminal, a reset signal
terminal, and data I/O terminals.
[0014] Keyboard 12 includes selection keys (M1, M2, M3, and M4) 12a for selecting processing
operations corresponding to kinds of card (e.g., various credit cards, cash cards,
and the like), ten-key pad 12b, four-arithmetic rule keys, that is, addition (+)
key 12c, subtraction (-) key 12d, division (÷) key 12e, multiplication (x) key 12f,
decimal point (.) key 12g, and equal (=) key 12h.
[0015] Addition key 12c is used as a NEXT key, i.e., a mode selection key for selecting
a mode during a display of a date and time in the off-line mode. Subtraction key 12d
is used as a BACK key, i.e., a key for returning a display state of display unit 13
to a previous state. Multiplication key 12f is used as a start key. Decimal point
key 12g is used as a NO key or an end key. Equal key 12h is used as a YES key or a
power-on key.
[0016] When equal key 12h is depressed as the power-on key, a CPU (to be described later)
is released from a HALT state, and causes display unit 13 to display time and date
as an operation start message.
[0017] In this state, when keys of ten-key pad 12b are depressed, IC card 10 is set in the
electronic calculator mode, and four arithmetic operations can be performed.
[0018] Addition key 12c as the mode selection key is used as a key for advancing the display
state of display unit 13 which is displaying date and time to another mode. Every
time addition key 12c is depressed, the electronic memorandum, time set, date set,
purchase transaction modes, and the like are displayed on display unit 13 as a menu.
When these modes are executed, equal key 12h is depressed as the YES key. Thus, the
selected mode can be executed.
[0019] Display unit 13 is a 16-digit display, each digit of which has a 5 x 7 dot matrix.
[0020] Fig. 3 shows an outer appearance of IC card reader/writer 16 connected to a terminal
such as personal computer PC dealing with IC card 10. More specifically, personal
computer PC electrically connected to contacts portion 11 of IC card 10 inserted from
card slot 17 reads or writes data from or in a memory of IC card 10.
[0021] IC card reader/writer 16 is connected to a main body of personal computer PC through
a cable.
[0022] An electrical circuit of IC card 10 (CMOS) is arranged, as shown in Fig. 1. More
specifically, the electrical circuit comprises contacts portion 11, communication
circuit 21, reset circuit 22, power supply regulator 23, internal battery (built-in
battery) 25 of, e.g., 3 V, battery checker 24 for checking if a voltage value of built-in
battery 25 is equal to or higher than a rated value, clock controller 26, oscillator
27, as an arithmetic clock quartz oscillator, for outputting a signal at an oscillation
frequency of 200 kHz (high-speed clock), control CPU (central processing unit) 28,
mask ROM 29 for storing a basic program and data necessary for it, work memory 30
for executing a program, data memory 31, comprising an EEPROM, for storing an ID number,
data, and the like, and a user program and the basic program, memory controller 40X
for controlling mask ROM 29 and data memory 31, timer 32 used for measuring time during
a processing operation, calendar circuit 33, oscillator 34, as a fundamental clock
quartz oscillator, for outputting a signal at an oscillation frequency of 32.768 kHz
(low-speed clock), display controller 35, display driver 36 for driving display unit
13, and keyboard interface 38 as a key input circuit for keyboard 12.
[0023] Communication circuit 21, CPU 28, ROM 29, memory controller 40X, work memory 30,
data memory 31, timer 32, calendar circuit 33, display controller 35, and keyboard
interface 38 are connected to each other through data bus 20.
[0024] In a reception mode, communication circuit 21 converts serial I/O signals supplied,
through contacts portion 11, from IC card reader/writer 16 connected to terminal PC
into parallel data, and outputs it onto data bus 20. In a transmission mode, circuit
21 converts parallel data supplied from data bus 20 into serial I/O signals, and outputs
them to terminal PC through contacts portion 11. In this case, the format content
of conversion is determined by software of terminal PC and specifications of IC card
10.
[0025] Reset circuit 22 generates a reset signal to start CPU 28 when the on-line mode is
set.
[0026] Power supply regulator 23 switches a drive mode from one by built-in battery 25 to
the other by an external power supply after the lapse of a predetermined period of
time from the beginning of the on-line mode. When the off-line mode is set, i.e.,
an external voltage is decreased below a predetermined value, regulator 23 switches
the drive mode from one by the external power supply to the other by built-in battery
25.
[0027] Clock controller 26 appropriately switches the low- and high-speed clocks in the
off-line mode in which a card operation is performed by built-in battery 25. For the
purpose of power saving, after execution of a HALT command, controller 26 stops oscillator
27 which outputs a signal of an oscillation frequency of 200 kHz (high-speed clock),
thereby stopping supply of a clock to CPU 28. Then, controller 26 causes IC card 10
to wait in a perfect HALT state. Upon execution of the reset and HALT commands, clock
controller 26 stops generation of the high-speed clock, and basically selects a timepiece
low-speed clock (32.768 kHz).
[0028] The basic program stored in mask ROM 29 includes a credit function, a drive program
for I/O control, a calendar function, and various other subroutine functions.
[0029] Data memory 31 has memory area 31a for storing a user application program, memory
area 31b for storing user data, and memory area 31c for storing basic program data
(important data, e.g., amounts, an access approval code, and the like).
[0030] The user application program is provided with the same approval code as an approval
code (access approval key) set upon manufacture of an IC card when the program is
created. When data read/write access to basic program data memory area 31c is performed,
the approval code is read out from memory area 31c, and is output to memory controller
40X.
[0031] Read/write access to area 31c is performed in response to an L-bit (e.g., 8-bit)
access command, as shown in Fig. 6. Of this command, upper M bits are used as address
data for indicating a start address of the basic program, and lower N bits are used
as the approval code.
[0032] The basic program stored in mask ROM 29 is loaded before the manufacture of an LSI.
The user application program stored in data memory 31 is loaded from the terminal
as part of card issuance processing at an issuer upon completion of the manufacture
of a card.
[0033] Memory controller 40X monitors operations of mask ROM 29 and data memory 31 and controls
data read/write access so as to prevent basic data from being destroyed by bugs in
software or noise or an illegal program from entering a user area (to prevent the
basic program from being illegally modified). When the basic program is illegally
modified, for example, the balance of the bank account of the card is not decreased
although a user makes a purchase using IC card 10 as a cash card.
[0034] When the same approval code as that set in advance is supplied by the application
program upon access to basic program data memory area 31c in data memory 31, memory
controller 40X approves data read/write access to user data memory area 31b. When
the same approval code is not supplied by the application program, controller 40X
disapproves data read/write access to user data memory area 31b.
[0035] Calendar circuit 33 has a timepiece which can be desirably set and updated by a card
holder, and a transaction timepiece in which a world standard time is set upon issuance
of the card and cannot be changed.
[0036] Display controller 35 converts display data supplied from CPU 28 into a character
pattern using a character generator (not shown) comprising an internal ROM, and displays
the character pattern on display unit 13 using display driver 36.
[0037] Keyboard interface 38 converts an input operation at keyboard 12 into a corresponding
key input signal, and outputs it to CPU 28.
[0038] Memory controller 40X is arranged, as shown in Fig. 5. More specifically, the approval
code which is set in advance upon manufacture of a card (lower N bits of the L-bit
data shown in Fig. 6) is stored in approval code buffer 50X. Approval code buffer
50X stores an approval code supplied from CPU 28 through data bus 20 upon manufacture
of the card in accordance with a write signal. Stored approval code e50X is supplied
to one input terminal A of approval code comparator 51X.
[0039] Controller 40X also includes approval inquiry buffer 52X in which the approval code
is set in the use of card 10. Approval inquiry buffer 52X stores an approval code
supplied from CPU 28 through data bus 20 in accordance with a write signal. Stored
approval code e52X is supplied to the other input terminal B of approval code comparator
51X.
[0040] Approval code comparator 51X compares approval code e50X from approval code buffer
50X and approval code e52X from approval inquiry buffer 52X to determine whether or
not these codes coincide with each other. When a coincidence between the two codes
is detected, coincidence output e51X is supplied to one terminal of access approval
gate 53X.
[0041] Data indicating a user area, which is set in advance upon manufacture of the card
(upper M bits of the L-bit data shown in Fig. 6), i.e., the start address of memory
area 31c in data memory 31 is stored in user area buffer 54X. User area buffer 54X
stores user area data supplied from CPU 28 through data bus 20 upon manufacture of
the card in accordance with a write signal. Data e54X stored in buffer 54X is supplied
to one input terminal Bin of user area comparator 55X. The other input terminal Ain
of user area comparator 55X receives presently processed address data e20X supplied
from CPU 28 through data bus 20.
[0042] User area comparator 55X compares address data e20X supplied from CPU 28 and user
area data e54X supplied from user area buffer 54X. When an address to be accessed
of memory 31 falls within a user area (memory area 31c), coincidence signal e55Xa
is output from output terminal A=B of comparator 55X. When the address falls outside
the user area (memory area 31c), noncoincidence signal e55Xb is output from output
terminal A≠B of comparator 55X.
[0043] Coincidence signal e55Xa output from output terminal A=B of user area comparator
55X is supplied to the other terminal of access approval gate 53X. Output e53X from
access approval gate 53X is supplied to one terminal of access approval gate 56X.
The other terminal of access approval gate 56X receives noncoincidence signal e55Xb
output from output terminal A≠B of user area comparator 55X. Output e56X from access
approval gate 56X is output to data memory 31 as an access signal.
[0044] When no coincidence signal e51X as an access approval signal is supplied from approval
code comparator 51X to access approval gate 53X (e51X = "1"), and when coincidence
signal e55Xa (= "0") is output from output terminal A=B of user area comparator 55X,
output e53X from gate 53X goes to level "1", and noncoincidence signal e55Xb of comparator
55X goes to level "1". Thus, access signal e56X output from access approval gate 56X
is not enabled (e56X = "1"). When no coincidence signal e51X as an access approval
signal is supplied from approval code comparator 51X to access approval gate 53X (e51X
= "1") and when noncoincidence signal e55Xb (= "0") is output from output terminal
A≠B of user area comparator 55X, access signal e56X output from access approval gate
56X is enabled (e56X = "0").
[0045] While coincidence signal e51X (= "0") as the access approval signal is supplied from
approval code comparator 51X to access approval gate 53X, when coincidence signal
e55Xa (= "0") is output from output terminal A=B of user area comparator 55X, or noncoincidence
signal e55Xb (= "0") is output from output terminal A≠B of user area comparator 55X,
access signal e56X output from access approval gate 56X is enabled (e56X = "0").
[0046] Data memory 31 receives an address for accessing this memory, a read signal, a write
signal, and write data from CPU 28 through data bus 20.
[0047] The operation of this arrangement will be described below. Assume that an approval
code and data indicating a user area (start address of basic program data memory area
31c) are set by a manufacturer upon manufacture of a card. The data format of the approval
code (N bits) and user area data (M bits) can be represented by L-bit (8- or 16-bit)
data, as shown in Fig. 6. CPU 28 supplies the approval code set by the L-bit data
and a write signal to approval code buffer 50X in memory controller 40X through data
bus 20, and supplies the set user area data and a write signal to user area buffer
54X in memory controller 40X through data bus 20. Therefore, upon manufacture of IC
card 10, the approval code (N bits in Fig. 6) is stored in approval code buffer 50X,
and the user area data (M bits in Fig. 6) is stored in user area buffer 54X.
[0048] Upon completion of the manufacture of IC card 10 storing the data in this manner,
a user application program is loaded as part of card issuance processing from terminal
PC to card 10 at an issuer side.
[0049] When a user uses IC card 10 after it is issued, and when basic program data memory
area 31c in data memory 31 is to be accessed, memory controller 40X enables an access
signal to data memory 31 only when the same approval code as that set upon manufacture
of the card is obtained. When the same approval code as that set upon manufacture
of the card cannot be obtained, memory controller 40X does not enable the access signal
to data memory 31. Thus, when memory area 31c is accessed by a program created by
a legal user, the access is approved. However, when memory area 31c is accessed by
a program which is created not by a legal user, access is disapproved.
[0050] More specifically, when memory area 31c is to be accessed, CPU 28 reads out the approval
code from memory area 31c by the user application program, and outputs it to approval
inquiry buffer 52X in memory controller 40X. Approval inquiry buffer 52X stores the
input approval code, and outputs it to approval code comparator 51X.
[0051] Thus, approval code comparator 51X compares the approval code which is set in advance
upon manufacture of the card and is supplied from approval code buffer 50X and the
approval code supplied from approval inquiry buffer 52X. Only when a comparison result
indicates a coincidence between the two codes, coincidence output e55Xa is output
to access approval gate 53X.
[0052] CPU 28 outputs an address to be accessed to user area comparator 55X in memory controller
40X through data bus 20. User area comparator 55X compares the address supplied from
CPU 28, and the user area data which is set in advance in user area buffer 54X upon
manufacture of the card. When the address to be accessed falls within the user area
(memory area 31c), comparator 55X outputs coincidence signal e55Xa from output terminal
A=B; when the address falls outside the user area (memory area 31c), it outputs noncoincidence
signal e55Xb from output terminal A≠B.
[0053] Therefore, when no coincidence signal e51X as an access approval signal is supplied
from approval code comparator 51X to access approval gate 53X (e51X = "1"), and when
coincidence signal e55Xa (= "0") is output from user area comparator 55X (e55Xa =
"0", e55Xb = "1"), the access signal output from access approval gate 56X is not enabled
(e56X = "1"). When no coincidence signal e51X as an access approval signal is supplied
from approval code comparator 51X to access approval gate 53X (e51X = "1"), and when
noncoincidence signal e55Xb is output from output terminal A≠B of user area comparator
55X (e55Xb = "0"), access signal e56X output from access approval gate 56X is enabled
(e56X = "0").
[0054] When coincidence signal e51X as an access approval signal is supplied from approval
code comparator 51X to access approval gate 53X (e51X = "0"), and when coincidence
signal e55Xa is output from user area comparator 55X (e55Xa = "0"), or when noncoincidence
signal e55Xb is output from user area comparator 55X (e55Xb = "0"), access signal
e56X output from access approval gate 56X is enabled (e56X = "0").
[0055] When access signal e56X output from access approval gate 56X of memory controller
40X is enabled (e56X = "0"), data can be written in or read out from an address of
memory 31 supplied from CPU 28 at that time.
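The access decision of paragraphs [0044], [0045] and [0053] to [0055] can be modelled in software as follows. This C model is an added illustration and is not part of the original specification. It assumes L = 8 with M = N = 4, an 8-bit address space, an address comparison on the upper M bits, an OR gate for 53X and an AND gate for 56X (the text gives only signal levels, with "0" as the active level), and an inquiry buffer that matches nothing until it has been written.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed widths: L = 8-bit word, upper M = 4 bits area data, lower N = 4 bits code. */
#define N_BITS 4u
#define CODE_MASK ((1u << N_BITS) - 1u)

typedef struct {
    uint8_t approval_code;  /* buffer 50X: code written at manufacture        */
    uint8_t user_area;      /* buffer 54X: area data written at manufacture   */
    uint8_t inquiry_code;   /* buffer 52X: code presented when the card is used */
    bool    inquiry_loaded; /* assumption: 52X matches nothing until written  */
} mem_ctrl_t;

/* Signal levels as in [0044]-[0045]: "0" is the asserted (active) level. */
typedef struct { uint8_t e51X, e55Xa, e55Xb, e53X, e56X; } signals_t;

/* Data memory 31 behind the controller; 256 bytes is an assumed size. */
typedef struct { mem_ctrl_t ctrl; uint8_t mem[256]; } card_t;

/* Manufacture step [0047]: split the Fig. 6 word into buffers 54X and 50X. */
void ctrl_manufacture(mem_ctrl_t *c, uint8_t fig6_word) {
    c->user_area = (uint8_t)(fig6_word >> N_BITS);
    c->approval_code = (uint8_t)(fig6_word & CODE_MASK);
    c->inquiry_code = 0;
    c->inquiry_loaded = false;
}

/* Use step [0050]: the code carried by the access command is loaded into 52X. */
void ctrl_present(mem_ctrl_t *c, uint8_t access_command) {
    c->inquiry_code = (uint8_t)(access_command & CODE_MASK);
    c->inquiry_loaded = true;
}

/* Comparators 51X and 55X followed by gates 53X and 56X. */
signals_t ctrl_evaluate(const mem_ctrl_t *c, uint8_t addr) {
    signals_t s;
    bool code_match = c->inquiry_loaded && c->inquiry_code == c->approval_code;
    bool in_area = (uint8_t)(addr >> N_BITS) == c->user_area;
    s.e51X = code_match ? 0 : 1;   /* 0 = approval codes coincide          */
    s.e55Xa = in_area ? 0 : 1;     /* 0 = address inside the guarded area  */
    s.e55Xb = in_area ? 1 : 0;     /* 0 = address outside the guarded area */
    s.e53X = s.e51X | s.e55Xa;     /* assumed gate type for 53X            */
    s.e56X = s.e53X & s.e55Xb;     /* assumed gate type for 56X            */
    return s;
}

/* Memory is touched only while access signal e56X is enabled ("0"). */
bool card_write(card_t *card, uint8_t addr, uint8_t value) {
    if (ctrl_evaluate(&card->ctrl, addr).e56X != 0) return false;
    card->mem[addr] = value;
    return true;
}

bool card_read(const card_t *card, uint8_t addr, uint8_t *out) {
    if (ctrl_evaluate(&card->ctrl, addr).e56X != 0) return false;
    *out = card->mem[addr];
    return true;
}

int main(void) {
    static card_t card;                      /* zero-initialised */
    const uint8_t cmds[2]  = {0xA2, 0xA5};   /* constructed: wrong code, right code */
    const uint8_t addrs[2] = {0xA3, 0x13};   /* constructed: inside, outside area   */

    ctrl_manufacture(&card.ctrl, 0xA5);      /* constructed: area 0xA, code 0x5 */
    puts("code addr e51X e55Xa e55Xb e53X e56X access");
    for (int i = 0; i < 2; i++) {
        ctrl_present(&card.ctrl, cmds[i]);
        for (int j = 0; j < 2; j++) {
            signals_t s = ctrl_evaluate(&card.ctrl, addrs[j]);
            printf("0x%X  0x%02X   %u     %u     %u    %u    %u   %s\n",
                   (unsigned)(cmds[i] & CODE_MASK), (unsigned)addrs[j],
                   (unsigned)s.e51X, (unsigned)s.e55Xa, (unsigned)s.e55Xb,
                   (unsigned)s.e53X, (unsigned)s.e56X,
                   s.e56X == 0 ? "approved" : "disapproved");
        }
    }
    return 0;
}
```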
[0056] As described above, a memory area for storing a user program and basic program data
is allocated on a rewritable data memory. In a data read or write mode, when the same
approval code as that set in advance is supplied upon processing of the program, data
read or write access to the basic program data memory area is approved.
[0057] Thus, there can be provided a highly reliable card which can prevent basic data from
being destroyed and illegal software from entering by monitoring a user program operation
without preparing a new LSI every time specifications are modified.
[0058] More specifically, the basic program data is stored in the rewritable memory. Since
a coincidence of approval codes is checked before an area for the basic program data
is released, the memory can be prevented from being accidentally released to destroy
the basic function of the card.
[0059] In the above embodiment, an IC card is used. However, the present invention is not
limited to this. The present invention can be applied to various other portable electronic
devices as long as they have a data memory and a control element, and can selectively
perform I/Os from an external device. The electronic device need not always have a
card-like shape but may have other shapes such as a rod-like shape. Battery 25 may
be a solar cell.
[0060] As described above, according to the present invention, a portable electronic device
which can prevent an increase in cost and can shorten a development period can be
provided.
1. A portable electronic device comprising:
a data processing unit (28) having a function of basic processing of the device and
a function of user application processing;
memory means (29 - 31), having a first memory area which is inhibited from writing,
for storing a program for executing the basic processing, and a rewritable second
memory area for storing a user application program and data of the user application
program;
means (40x) for approving read/write access to said second memory area when having
received an access command to access the second memory area by a predetermined access
command including a predetermined access approval code; and
means (40x) for disapproving read/write access to said second memory area when the
access command does not include the predetermined access approval code.
2. A device according to claim 1, characterized in that the access command includes
the predetermined access approval code and start address data of the program for executing
the basic processing function.
3. A device according to claim 2, characterized in that said control means includes:
a first approval code buffer (50x) for storing an approval code set in advance in
the device;
a second approval code buffer (52x) for storing the predetermined access code when
the device is used;
code coincidence detection means (51x) for comparing the approval code stored in said
first approval code buffer and the approval code stored in said second approval code
buffer and for, when the two approval codes coincide with each other, outputting a
code coincidence signal;
a user area buffer (54x) for storing the start address data when the device is used;
address coincidence detection means (55x) for comparing the start address data stored
in said user area buffer and address data output from said data processing unit, for,
when the two address data coincide with each other, outputting an address coincidence
signal, and for, when the two address data do not coincide with each other, outputting
an address noncoincidence signal; and
a logic circuit means (53x, 56x) for, when the code coincidence signal and the address
coincidence signal are output, approving read/write access to said second memory area,
and for, when the code coincidence signal is not output, disapproving read/write
access to said second memory area even when the address coincidence signal is output.
4. A device according to claim 2, characterized in that said control means includes:
a first approval code buffer (50x) for storing an approval code set in advance in
the device;
a second approval code buffer (52x) for storing the predetermined access code when
the device is used;
code coincidence detection means (51x) for comparing the approval code stored in said
first approval code buffer and the approval code stored in said second approval code
buffer and for, when the two approval codes coincide with each other, outputting a
code coincidence signal;
a user area buffer (54x) for storing the start address data when the device is used;
address coincidence detection means (55x) for comparing the start address data stored
in said user area buffer and address data output from said data processing unit, for,
when the two address data coincide with each other, outputting an address coincidence
signal, and for, when the two address data do not coincide with each other, outputting
an address noncoincidence signal; and
a logic circuit means (53x, 56x) for, when both the code coincidence signal and the
address coincidence signal are output or when the address noncoincidence signal is
output, approving read/write access to said second memory area and, for, when no code
coincidence signal is output, disapproving read/write access to said second memory
area even when the address coincidence signal is output.
5. A device according to claim 1, characterized in that said memory means includes
an electrically-erasable programmable ROM for said second memory area.
6. A device according to claim 5, characterized in that said electrically-erasable
programmable ROM stores the user application program and a user's identification number.
7. A device according to claim 1, characterized in that said memory means includes
a ROM for said first memory area.
8. A device according to claim 7, characterized in that said ROM stores the program
for executing the basic processing function, and data used when the program is executed.
9. A device according to claim 1, characterized in that said device has an on-line
mode in which said device in use is connected to an external apparatus (16), and an
off-line mode in which said device is solely used, and is assembled in an IC card
which incorporates a built-in battery (25).
10. The device according to claim 9, characterized in that the basic processing function
includes a credit transaction function.
11. The device according to claim 9, characterized in that the basic processing function
includes a calendar function.
12. A device according to claim 11, further comprising:
a calendar circuit (33) including a user timepiece which can be desirably set by a
user, and a timepiece which can be set by an issuer of said IC card but cannot desirably
be set by the user.
13. A device according to claim 9, characterized in that said IC card is powered by
said external apparatus (16) in the on-line mode, and is powered by the built-in battery
(25) in the off-line mode.